Fabric OS Administrator's Guide v7.2 · 2013-12-20 · Fabric OS Administrator’s Guide 7 53-1002920-02 Chapter 3 Performing Advanced Configuration Tasks Port identifiers (PIDs)

53-1002920-029 September 2013

®

Fabric OSAdministrator’s Guide

Supporting Fabric OS 7.2.0

Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved.ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.

The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

Brocade Communications Systems, Incorporated

Document History

Corporate and Latin American HeadquartersBrocade Communications Systems, Inc.130 Holger WaySan Jose, CA 95134 Tel: 1-408-333-8000 Fax: 1-408-333-8101 E-mail: [email protected]

Asia-Pacific HeadquartersBrocade Communications Systems China HK, Ltd.No. 1 Guanghua RoadChao Yang DistrictUnits 2718 and 2818Beijing 100020, ChinaTel: +8610 6588 8888Fax: +8610 6588 9999E-mail: [email protected]

European HeadquartersBrocade Communications Switzerland SàrlCentre SwissairTour B - 4ème étage29, Route de l'AéroportCase Postale 105CH-1215 Genève 15Switzerland Tel: +41 22 799 5640Fax: +41 22 799 5641E-mail: [email protected]

Asia-Pacific HeadquartersBrocade Communications Systems Co., Ltd. (Shenzhen WFOE)Citic PlazaNo. 233 Tian He Road NorthUnit 1308 – 13th FloorGuangzhou, ChinaTel: +8620 3891 2000Fax: +8620 3891 2111E-mail: [email protected]

Title Publication number Summary of changes Date

Fabric OS Administrator’s Guide 53-1002920-01 Added Fabric OS v7.2.0 software features and support for embedded switches: Brocade 5431, M6505, and 6547.

July 2013

Fabric OS Administrator’s Guide 53-1002920-02 Corrections and additions for the Fabric OS 7.2.0a release.

September 2013

mailto:[email protected]:[email protected]:[email protected]:[email protected]://www.brocade.com/support/oscd

Contents (High Level)

Section I Standard FeaturesChapter 1 Understanding Fibre Channel Services . . . . . . . . . . . . . . . . . . . . . . . . .45

Chapter 2 Performing Basic Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Chapter 3 Performing Advanced Configuration Tasks . . . . . . . . . . . . . . . . . . . . . .83

Chapter 4 Routing Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Chapter 5 Buffer-to-Buffer Credits and Credit Recovery. . . . . . . . . . . . . . . . . . . .135

Chapter 6 Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

Chapter 7 Configuring Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Chapter 8 Configuring Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

Chapter 9 Maintaining the Switch Configuration File . . . . . . . . . . . . . . . . . . . . . .277

Chapter 10 Installing and Maintaining Firmware . . . . . . . . . . . . . . . . . . . . . . . . . .289

Chapter 11 Managing Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Chapter 12 Administering Advanced Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

Chapter 13 Traffic Isolation Zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379

Chapter 14 Optimizing Fabric Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413

Chapter 15 Bottleneck Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427

Chapter 16 In-flight Encryption and Compression . . . . . . . . . . . . . . . . . . . . . . . . .445

Chapter 17 Diagnostic Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Chapter 18 NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473

Chapter 19 Fabric-Assigned PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479

Chapter 20 Managing Administrative Domains . . . . . . . . . . . . . . . . . . . . . . . . . . .485

Section II Licensed FeaturesChapter 21 Administering Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Chapter 22 Inter-chassis Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543

Chapter 23 Monitoring Fabric Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551

Chapter 24 Managing Trunking Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569

Fabric OS Administrator’s Guide 353-1002920-02

Chapter 25 Managing Long-Distance Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Chapter 26 Using FC-FC Routing to Connect Fabrics . . . . . . . . . . . . . . . . . . . . . . .593

Appendix A Port Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .641

Appendix B FIPS Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645

Appendix C Hexadecimal Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657

4 Fabric OS Administrator’s Guide53-1002920-02

Contents

About This Document

Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . 35

What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Document conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Additional information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Section I Standard Features

Chapter 1 Understanding Fibre Channel Services

Fibre Channel services overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46Platform services and Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . 47Enabling platform services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Disabling platform services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Management server database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Displaying the management server ACL. . . . . . . . . . . . . . . . . . .48Adding a member to the ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . .48Deleting a member from the ACL . . . . . . . . . . . . . . . . . . . . . . . .49Viewing the contents of the management server database . . .50Clearing the management server database . . . . . . . . . . . . . . . 51

Topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Displaying topology discovery status . . . . . . . . . . . . . . . . . . . . . 51Enabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Disabling topology discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Device login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Principal switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53E_Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Fabric login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Port login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54RSCNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Duplicate Port World Wide Name . . . . . . . . . . . . . . . . . . . . . . . .55

High availability of daemon processes . . . . . . . . . . . . . . . . . . . . . . .55


Chapter 2 Performing Basic Configuration Tasks

Fabric OS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Fabric OS command line interface. . . . . . . . . . . . . . . . . . . . . . . . . . .58Console sessions using the serial port. . . . . . . . . . . . . . . . . . . .58Telnet or SSH sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59Getting help on a command . . . . . . . . . . . . . . . . . . . . . . . . . . . .60Viewing a history of command line entries . . . . . . . . . . . . . . . . 61

Password modification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63Default account passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

The switch Ethernet interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64Virtual Fabrics and the Ethernet interface . . . . . . . . . . . . . . . . .65Management Ethernet port bonding . . . . . . . . . . . . . . . . . . . . .65Displaying the network interface settings . . . . . . . . . . . . . . . . .66Static Ethernet addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67DHCP activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69IPv6 autoconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Date and time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72Setting the date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72Time zone settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72Network time protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Domain IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75Displaying the domain IDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75Setting the domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Switch names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Customizing the switch name . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Customizing chassis names . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Fabric name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Configuring the fabric name . . . . . . . . . . . . . . . . . . . . . . . . . . . .78High availability considerations for fabric names . . . . . . . . . . .78Upgrade and downgrade considerations for fabric names. . . .78

Switch activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . . .78Disabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79Enabling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79Disabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79Enabling a chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80

Switch and Backbone shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . .80Powering off a Brocade switch . . . . . . . . . . . . . . . . . . . . . . . . . .80Powering off a Brocade Backbone . . . . . . . . . . . . . . . . . . . . . . . 81

Basic connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Device connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82Switch connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82


Chapter 3 Performing Advanced Configuration Tasks

Port identifiers (PIDs) and PID binding overview . . . . . . . . . . . . . . .83Core PID addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8410-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84256-area addressing mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .85WWN-based PID assignment . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Port Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Backbone port blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88Setting port names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89Port identification by slot and port number . . . . . . . . . . . . . . . .89Port identification by port area ID. . . . . . . . . . . . . . . . . . . . . . . .90Port identification by index . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90Configuring a device-switch connection . . . . . . . . . . . . . . . . . . .90Swapping port area IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Port activation and deactivation . . . . . . . . . . . . . . . . . . . . . . . . .92Port decommissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92Setting port modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Setting port speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94Setting all ports on a switch to the same speed . . . . . . . . . . . .94Setting port speed for a port octet . . . . . . . . . . . . . . . . . . . . . . .95

Blade terminology and compatibility . . . . . . . . . . . . . . . . . . . . . . . . .95CP blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Core blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Port and application blade compatibility . . . . . . . . . . . . . . . . . .98FX8-24 compatibility notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Enabling and disabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98Enabling blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99Disabling blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Blade swapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99How blades are swapped . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100Swapping blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Disabling switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103Powering off a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103Powering on a port blade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Equipment status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104Checking switch operation . . . . . . . . . . . . . . . . . . . . . . . . . . . .104Verifying High Availability features (Backbones only) . . . . . . .104Verifying fabric connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . .105Verifying device connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . .105Viewing the switch status policy threshold values. . . . . . . . . .105Setting the switch status policy threshold values . . . . . . . . . .106

Audit log configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107Verifying host syslog prior to configuring the audit log . . . . . .109Configuring an audit log for specific event classes . . . . . . . . .109


Duplicate PWWN handling during device login . . . . . . . . . . . . . . . .110Setting 0, First login precedence . . . . . . . . . . . . . . . . . . . . . . .110Setting 1, Second login precedence. . . . . . . . . . . . . . . . . . . . .110Setting 2, Mixed precedence . . . . . . . . . . . . . . . . . . . . . . . . . .110Setting the behavior for handling duplicate PWWNs. . . . . . . .111

Enabling forward error correction . . . . . . . . . . . . . . . . . . . . . . . . . .111FEC Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112Using the portCfgFec command . . . . . . . . . . . . . . . . . . . . . . . .112

Chapter 4 Routing Traffic

Routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115Paths and route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116FSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116Fibre Channel NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Inter-switch links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118Buffer credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119Congestion versus over-subscription . . . . . . . . . . . . . . . . . . . .119Virtual channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Gateway links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120Configuring a link through a gateway . . . . . . . . . . . . . . . . . . . .121

Routing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Displaying the current routing policy . . . . . . . . . . . . . . . . . . . .122Port-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Exchange-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Device-based routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Dynamic Path Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124AP route policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

Route selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125Dynamic Load Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Frame order delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126Forcing in-order frame delivery across topology changes . . . .127Restoring out-of-order frame delivery across topology changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127Using Frame Viewer to understand why frames are dropped.127

Lossless Dynamic Load Sharing on ports . . . . . . . . . . . . . . . . . . . .129Lossless core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130Configuring Lossless Dynamic Load Sharing . . . . . . . . . . . . . .131Lossless Dynamic Load Sharing in Virtual Fabrics . . . . . . . . .131

Frame Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132Creating a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .132Deleting a frame redirect zone . . . . . . . . . . . . . . . . . . . . . . . . .133Viewing frame redirect zones . . . . . . . . . . . . . . . . . . . . . . . . . .133


Chapter 5 Buffer-to-Buffer Credits and Credit Recovery

Buffer credit management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135Buffer-to-buffer flow control . . . . . . . . . . . . . . . . . . . . . . . . . . .135Optimal buffer credit allocation . . . . . . . . . . . . . . . . . . . . . . . .136Fibre Channel gigabit values reference definition. . . . . . . . . .137Buffer credit allocation based on full-size frames. . . . . . . . . .137Allocating buffer credits based on average-size frames . . . . .140Configuring buffers for a single port directly . . . . . . . . . . . . . .141Configuring buffers using frame size . . . . . . . . . . . . . . . . . . . .141Calculating the number of buffers required given the distance, speed, and frame size. . . . . . . . . . . . . . . . . . . . . . . .142Allocating buffer credits for F_Ports . . . . . . . . . . . . . . . . . . . . .142Monitoring buffers in a port group . . . . . . . . . . . . . . . . . . . . . .142Buffer credits switch or blade model . . . . . . . . . . . . . . . . . . . .143Maximum configurable distances for Extended Fabrics . . . . .144Downgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . .145Configuring credits for a single VC . . . . . . . . . . . . . . . . . . . . . .146

Buffer credit recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146Buffer credit recovery over an E_Port. . . . . . . . . . . . . . . . . . . .147Buffer credit recovery over an F_Port . . . . . . . . . . . . . . . . . . . .147Buffer credit recovery over an EX_Port. . . . . . . . . . . . . . . . . . .148Enabling and disabling buffer credit recovery . . . . . . . . . . . . .148

Credit loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Back-end credit loss detection and recovery support on Brocade 5300 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Back-end credit loss detection and recovery support on Brocade 6520 switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Enabling back-end credit loss detection and recovery . . . . . .150

Chapter 6 Managing User Accounts

User accounts overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151Role-Based Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . .152Management channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154Managing user-defined roles . . . . . . . . . . . . . . . . . . . . . . . . . .154

Local database user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155Default accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156Local account passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Local user account database distribution. . . . . . . . . . . . . . . . . . . .158Distributing the local user database . . . . . . . . . . . . . . . . . . . .158Accepting distributed user databases on the local switch . . .158Rejecting distributed user databases on the local switch . . .159

Password policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159Password strength policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159Password history policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160Password expiration policy . . . . . . . . . . . . . . . . . . . . . . . . . . . .161Account lockout policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161


The boot PROM password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163Setting the boot PROM password for a switch with a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163Setting the boot PROM password for a Backbone with a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164Setting the boot PROM password for a switch without a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165Setting the boot PROM password for a Backbone without a recovery string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

Remote authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167Remote authentication configuration. . . . . . . . . . . . . . . . . . . .167Setting the switch authentication mode . . . . . . . . . . . . . . . . . 171Fabric OS user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Fabric OS users on the RADIUS server . . . . . . . . . . . . . . . . . . .172Setting up a RADIUS server. . . . . . . . . . . . . . . . . . . . . . . . . . . .175LDAP configuration and Microsoft Active Directory . . . . . . . . .181LDAP configuration and OpenLDAP . . . . . . . . . . . . . . . . . . . . .184TACACS+ service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189Remote authentication configuration on the switch . . . . . . . .192Configuring local authentication as backup. . . . . . . . . . . . . . .194

Chapter 7 Configuring Protocols

Security protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Secure Copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196Setting up SCP for configuration uploads and downloads . . .197

Secure Shell protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197SSH public key authentication . . . . . . . . . . . . . . . . . . . . . . . . .198

Secure Sockets Layer protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . .200Browser and Java support . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200SSL configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .201The browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204Root certificates for the Java plugin . . . . . . . . . . . . . . . . . . . . .205

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . .206SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206Management Information Base (MIB) . . . . . . . . . . . . . . . . . . .207Basic SNMP operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207Understanding MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208Access to MIB variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208SNMP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209Loading Brocade MIBs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212Access Gateway and Brocade MIBs . . . . . . . . . . . . . . . . . . . . .216Firmware upgrades and enabled traps . . . . . . . . . . . . . . . . . .216Support for Administrative Domains . . . . . . . . . . . . . . . . . . . .216Support for Role-Based Access Control . . . . . . . . . . . . . . . . . .216Support for IPv6 addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Support for Virtual Fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Configuring SNMP using CLI . . . . . . . . . . . . . . . . . . . . . . . . . . .218


Telnet protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226Blocking Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227Unblocking Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Listener applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Ports and applications used by switches . . . . . . . . . . . . . . . . . . . .229Port configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

Chapter 8 Configuring Security Policies

ACL policies overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231How the ACL policies are stored . . . . . . . . . . . . . . . . . . . . . . . .231Policy members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232

ACL policy management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232Displaying ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233Saving changes without activating the policies . . . . . . . . . . . .233Activating ACL policy changes . . . . . . . . . . . . . . . . . . . . . . . . . .233Deleting an ACL policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233Adding a member to an existing ACL policy . . . . . . . . . . . . . . .234Removing a member from an ACL policy . . . . . . . . . . . . . . . . .234Abandoning unsaved ACL policy changes . . . . . . . . . . . . . . . .234

FCS policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235FCS policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235Ensuring fabric domains share policies . . . . . . . . . . . . . . . . . .236Creating an FCS policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236Modifying the order of FCS switches . . . . . . . . . . . . . . . . . . . .237FCS policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238

Device Connection Control policies . . . . . . . . . . . . . . . . . . . . . . . . .238DCC policy restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239Creating a DCC policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239Deleting a DCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240DCC policy behavior with Fabric-Assigned PWWNs . . . . . . . . . 241

SCC Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242Creating an SCC policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243

Authentication policy for fabric elements . . . . . . . . . . . . . . . . . . . .243E_Port authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244Device authentication policy . . . . . . . . . . . . . . . . . . . . . . . . . . .246AUTH policy restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Authentication protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248Secret key pairs for DH-CHAP . . . . . . . . . . . . . . . . . . . . . . . . . .249FCAP configuration overview. . . . . . . . . . . . . . . . . . . . . . . . . . .251Fabric-wide distribution of the authorization policy. . . . . . . . .253


IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253Creating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . .254Cloning an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254Displaying an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . .254Saving an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255Activating an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . . . . . . .255Deleting an IP Filter policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255IP Filter policy rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255IP Filter policy enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . .258Adding a rule to an IP Filter policy. . . . . . . . . . . . . . . . . . . . . . .259Deleting a rule from an IP Filter policy . . . . . . . . . . . . . . . . . . .259Aborting an IP Filter transaction . . . . . . . . . . . . . . . . . . . . . . . .259IP Filter policy distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260

Policy database distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .260Database distribution settings . . . . . . . . . . . . . . . . . . . . . . . . .261ACL policy distribution to other switches . . . . . . . . . . . . . . . . .262Fabric-wide enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263Notes on joining a switch to the fabric . . . . . . . . . . . . . . . . . . .264

Management interface security . . . . . . . . . . . . . . . . . . . . . . . . . . . .266Configuration examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267IPsec protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269Security associations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269Authentication and encryption algorithms . . . . . . . . . . . . . . . .269IPsec policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270IKE policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Creating the tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272Example of an end-to-end transport tunnel mode. . . . . . . . . . 274

Chapter 9 Maintaining the Switch Configuration File

Configuration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277Configuration file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278

Configuration file backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279Uploading a configuration file in interactive mode . . . . . . . . .279

Configuration file restoration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281Configuration download without disabling a switch . . . . . . . .282

Configurations across a fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284Downloading a configuration file from one switch to another switch of the same model . . . . . . . . . . . . . . . . . . . . . .284Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

Configuration management for Virtual Fabrics . . . . . . . . . . . . . . . .285Uploading a configuration file from a switch with Virtual Fabrics enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285Restoring a logical switch configuration using configDownload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

Brocade configuration form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287


Chapter 10 Installing and Maintaining Firmware

Firmware download process overview . . . . . . . . . . . . . . . . . . . . . . .289Upgrading and downgrading firmware . . . . . . . . . . . . . . . . . . .291Considerations for FICON CUP environments . . . . . . . . . . . . .291HA sync state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291

Preparing for a firmware download . . . . . . . . . . . . . . . . . . . . . . . . .292Obtaining and decompressing firmware . . . . . . . . . . . . . . . . .293Connected switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293

Firmware download on switches . . . . . . . . . . . . . . . . . . . . . . . . . . .294Switch firmware download process overview. . . . . . . . . . . . . .294

Firmware download on a Backbone. . . . . . . . . . . . . . . . . . . . . . . . .296Backbone firmware download process overview. . . . . . . . . . .296

Firmware download from a USB device . . . . . . . . . . . . . . . . . . . . . .299Enabling the USB device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299Viewing the USB file system . . . . . . . . . . . . . . . . . . . . . . . . . . .299Downloading from the USB device using the relative path. . .300Downloading from the USB device using the absolute path. .300

FIPS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300Public and private key management . . . . . . . . . . . . . . . . . . . .300The firmwareDownload command . . . . . . . . . . . . . . . . . . . . . .301Power-on firmware checksum test . . . . . . . . . . . . . . . . . . . . . .302

Testing and restoring firmware on switches . . . . . . . . . . . . . . . . . .302Testing a different firmware version on a switch . . . . . . . . . . .302

Testing and restoring firmware on Backbones . . . . . . . . . . . . . . . .304Testing different firmware versions on Backbones . . . . . . . . .304

Validating a firmware download . . . . . . . . . . . . . . . . . . . . . . . . . . . .306

Chapter 11 Managing Virtual Fabrics

Virtual Fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Logical switch overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310Default logical switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310Logical switches and fabric IDs. . . . . . . . . . . . . . . . . . . . . . . . .311Port assignment in logical switches . . . . . . . . . . . . . . . . . . . . .312Logical switches and connected devices . . . . . . . . . . . . . . . . .313

Management model for logical switches. . . . . . . . . . . . . . . . . . . . .314

Logical fabric overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315Logical fabric and ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315Base switch and extended ISLs . . . . . . . . . . . . . . . . . . . . . . . .316

Account management and Virtual Fabrics . . . . . . . . . . . . . . . . . . .319

Supported platforms for Virtual Fabrics . . . . . . . . . . . . . . . . . . . . .320Supported port configurations in the fixed-port switches. . . .320Supported port configurations in Brocade Backbones . . . . . .321Virtual Fabrics interaction with other Fabric OS features . . . .322


Limitations and restrictions of Virtual Fabrics . . . . . . . . . . . . . . . .322Restrictions on XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323Restrictions on moving ports . . . . . . . . . . . . . . . . . . . . . . . . . .324

Enabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324

Disabling Virtual Fabrics mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .325

Configuring logical switches to use basic configuration values. . .326

Creating a logical switch or base switch . . . . . . . . . . . . . . . . . . . . .326

Executing a command in a different logical switch context . . . . . .328

Deleting a logical switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329

Adding and moving ports on a logical switch . . . . . . . . . . . . . . . . .329

Displaying logical switch configuration . . . . . . . . . . . . . . . . . . . . . .330

Changing the fabric ID of a logical switch . . . . . . . . . . . . . . . . . . . .331

Changing a logical switch to a base switch . . . . . . . . . . . . . . . . . . .331

Setting up IP addresses for a logical switch . . . . . . . . . . . . . . . . . .333

Removing an IP address for a logical switch. . . . . . . . . . . . . . . . . .333

Configuring a logical switch to use XISLs . . . . . . . . . . . . . . . . . . . .333

Changing the context to a different logical fabric . . . . . . . . . . . . . .334

Creating a logical fabric using XISLs . . . . . . . . . . . . . . . . . . . . . . . .334

Chapter 12 Administering Advanced Zoning

Zone types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

Zoning overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338Approaches to zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339Zone objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .340Zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341Zoning enforcement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .342Considerations for zoning architecture . . . . . . . . . . . . . . . . . .342Best practices for zoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343

Broadcast zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . .344Broadcast zones and FC-FC routing . . . . . . . . . . . . . . . . . . . . .345High availability considerations with broadcast zones . . . . . .346Loop devices and broadcast zones . . . . . . . . . . . . . . . . . . . . .346Broadcast zones and default zoning mode . . . . . . . . . . . . . . .346

Zone aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .346Creating an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347Adding members to an alias . . . . . . . . . . . . . . . . . . . . . . . . . . .347Removing members from an alias . . . . . . . . . . . . . . . . . . . . . .348Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .349Viewing an alias in the defined configuration . . . . . . . . . . . . .349


Zone creation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . .350Displaying existing zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350Creating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350Adding devices (members) to a zone . . . . . . . . . . . . . . . . . . . .351Removing devices (members) from a zone . . . . . . . . . . . . . . .352Replacing zone members . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355Viewing a zone in the defined configuration . . . . . . . . . . . . . .356Viewing zone configuration names without case distinction .356Validating a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .358

Default zoning mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .360Setting the default zoning mode. . . . . . . . . . . . . . . . . . . . . . . .361Viewing the current default zone access mode. . . . . . . . . . . .361

Zone database size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362

Zone configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .362Creating a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .363Adding zones to a zone configuration . . . . . . . . . . . . . . . . . . .363Removing members from a zone configuration. . . . . . . . . . . .364Enabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .364Disabling a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . .365Deleting a zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . .365Abandoning zone configuration changes . . . . . . . . . . . . . . . . .366Viewing all zone configuration information . . . . . . . . . . . . . . .366Viewing selected zone configuration information . . . . . . . . . .367Viewing the configuration in the effective zone database . . .367Clearing all zone configurations . . . . . . . . . . . . . . . . . . . . . . . .367

Zone object maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368Copying a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368Deleting a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .369Renaming a zone object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370

Zone configuration management. . . . . . . . . . . . . . . . . . . . . . . . . . .370

Security and zoning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Zone merging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371Fabric segmentation and zoning. . . . . . . . . . . . . . . . . . . . . . . .373Zone merging scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373

Concurrent zone transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376Viewing zone database transactions . . . . . . . . . . . . . . . . . . . .377

Chapter 13 Traffic Isolation Zoning

Traffic Isolation Zoning overview . . . . . . . . . . . . . . . . . . . . . . . . . . .379

TI zone failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380Additional considerations when disabling failover . . . . . . . . .381FSPF routing rules and traffic isolation . . . . . . . . . . . . . . . . . .383

Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .384Illegal configurations with enhanced TI zones. . . . . . . . . . . . .385


Traffic Isolation Zoning over FC routers . . . . . . . . . . . . . . . . . . . . . .386TI zones within an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . .388TI zones within a backbone fabric . . . . . . . . . . . . . . . . . . . . . .389Limitations of TI zones over FC routers . . . . . . . . . . . . . . . . . .390

Fabric-Level Traffic Isolation in a backbone fabric . . . . . . . . . . . . .390Fabric-Level TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391Failover behavior for Fabric-Level TI zones . . . . . . . . . . . . . . .392Creating a separate TI zone for each path . . . . . . . . . . . . . . . .392Creating a single TI zone for all paths . . . . . . . . . . . . . . . . . . .393

General rules for TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .394Traffic Isolation Zone violation handling for trunk ports . . . . .395

Supported configurations for Traffic Isolation Zoning . . . . . . . . . .396Additional configuration rules for enhanced TI zones . . . . . . .396Trunking with TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397

Limitations and restrictions of Traffic Isolation Zoning . . . . . . . . .398

Admin Domain considerations for Traffic Isolation Zoning . . . . . .398

Virtual Fabrics considerations for Traffic Isolation Zoning . . . . . . .399

Traffic Isolation Zoning over FC routers with Virtual Fabrics . . . . .401

Creating a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .402Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . .404

Modifying TI zones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .405

Changing the state of a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . .406

Deleting a TI zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407

Displaying TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .407

Troubleshooting TI zone routing problems . . . . . . . . . . . . . . . . . . .408

Setting up TI zones over FCR (sample procedure) . . . . . . . . . . . . .409

Chapter 14 Optimizing Fabric Behavior

Adaptive Networking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .413

Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .414Virtual Fabrics considerations. . . . . . . . . . . . . . . . . . . . . . . . . .414Limiting traffic from a particular device . . . . . . . . . . . . . . . . . .415Disabling Ingress Rate Limiting . . . . . . . . . . . . . . . . . . . . . . . .415

QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .415License requirements for QoS. . . . . . . . . . . . . . . . . . . . . . . . . .416

CS_CTL-based frame prioritization. . . . . . . . . . . . . . . . . . . . . . . . . .416Supported configurations for CS_CTL-based frame prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417High availability considerations for CS_CTL-based frame prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417Enabling CS_CTL-based frame prioritization on ports . . . . . . . 417Disabling CS_CTL-based frame prioritization on ports . . . . . .418Using CS_CTL auto mode at the chassis level . . . . . . . . . . . . .418Considerations for using CS_CTL-based frame prioritization .418


QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . .419

QoS zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .419QoS on E_Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421QoS over FC routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .421Virtual Fabrics considerations for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422High-availability considerations for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .422Supported configurations for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423Limitations and restrictions for QoS zone-based traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .424

Setting QoS zone-based traffic prioritization. . . . . . . . . . . . . . . . . .424

Setting QoS zone-based traffic prioritization over FC routers . . . .426

Disabling QoS zone-based traffic prioritization. . . . . . . . . . . . . . . .426

Chapter 15 Bottleneck Detection

Bottleneck detection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427Types of bottlenecks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .428How bottlenecks are reported. . . . . . . . . . . . . . . . . . . . . . . . . .428

Supported configurations for bottleneck detection . . . . . . . . . . . .429Limitations of bottleneck detection . . . . . . . . . . . . . . . . . . . . .429High availability considerations for bottleneck detection . . . .430Upgrade and downgrade considerations for bottleneck detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .430Trunking considerations for bottleneck detection . . . . . . . . . .430Virtual Fabrics considerations for bottleneck detection . . . . .430Access Gateway considerations for bottleneck detection. . . .430

Enabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . . .431

Displaying bottleneck detection configuration details . . . . . . . . . .431

Setting bottleneck detection alerts . . . . . . . . . . . . . . . . . . . . . . . . .433Setting both a congestion alert and a latency alert . . . . . . . .434Setting a congestion alert only . . . . . . . . . . . . . . . . . . . . . . . . .434Setting a latency alert only . . . . . . . . . . . . . . . . . . . . . . . . . . . .435

Changing bottleneck detection parameters . . . . . . . . . . . . . . . . . .435Examples of applying and changing bottleneck detection parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436

Advanced bottleneck detection settings . . . . . . . . . . . . . . . . . . . . .439

Excluding a port from bottleneck detection . . . . . . . . . . . . . . . . . .440

Displaying bottleneck statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .442

Disabling bottleneck detection on a switch . . . . . . . . . . . . . . . . . .442


Chapter 16 In-flight Encryption and Compression

In-flight encryption and compression overview. . . . . . . . . . . . . . . .445Supported ports for in-flight encryption and compression . . .446In-flight encryption and compression restrictions . . . . . . . . . .446How in-flight encryption and compression are enabled . . . . .448Authentication and key generation for encryption and compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448Availability considerations for encryption and compression. .449Virtual Fabrics considerations for encryption and compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .449In-flight compression on long-distance ports. . . . . . . . . . . . . .450Compression ratios for compression-enabled ports . . . . . . . .450

Configuring in-flight encryption and compression on an EX_Port .450

Configuring in-flight encryption and compression on an E_Port . .451

Viewing the encryption and compression configuration . . . . . . . .452

Configuring and enabling authentication for in-flight encryption .453

Enabling in-flight encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455

Enabling in-flight compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Disabling in-flight encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456

Disabling in-flight compression . . . . . . . . . . . . . . . . . . . . . . . . . . . .457

Chapter 17 Diagnostic Port

Diagnostic Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Supported platforms for D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . .459

Licensing requirements for D_Port . . . . . . . . . . . . . . . . . . . . . . . . .460

Understanding D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .460Advantages of D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461D_Port configuration mode and nature of test . . . . . . . . . . . .461General limitations and considerations for D_Port . . . . . . . . .462

Supported topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463Topology 1: ISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463Topology 2: ICLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463Topology 3: Access Gateways . . . . . . . . . . . . . . . . . . . . . . . . . .464Topology 4: HBA to switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465

Using D_Port without HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465Enabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465Disabling D_Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466

Using D_Port with HBAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467Automatic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . .467Dynamic mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . .468BCU D_Port commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468Limitations and considerations for D_Port with HBAs. . . . . . .468

Controlling testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .469


Example test scenarios and output . . . . . . . . . . . . . . . . . . . . . . . . .469Confirming SFP and link status with an HBA . . . . . . . . . . . . . .470Starting and stopping D_Port testing . . . . . . . . . . . . . . . . . . . .470

Chapter 18 NPIV

NPIV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .473Upgrade considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474Fixed addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47410-bit addressing mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474

Configuring NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .475

Enabling and disabling NPIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476

Viewing NPIV port configuration information . . . . . . . . . . . . . . . . . 476Viewing virtual PID login information . . . . . . . . . . . . . . . . . . . .478

Chapter 19 Fabric-Assigned PWWN

Fabric-Assigned PWWN overview . . . . . . . . . . . . . . . . . . . . . . . . . . .479

User- and auto-assigned FA-PWWN behavior . . . . . . . . . . . . . . . . .480

Configuring an FA-PWWN for an HBA connected to an Access Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .481

Configuring an FA-PWWN for an HBA connected to an edge switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .482

Supported switches and configurations for FA-PWWN. . . . . . . . . .483

Configuration upload and download considerations for FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .483

Security considerations for FA-PWWN . . . . . . . . . . . . . . . . . . . . . . .483

Restrictions of FA-PWWN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484

Access Gateway N_Port failover with FA-PWWN . . . . . . . . . . . . . . .484

Chapter 20 Managing Administrative Domains

Administrative Domains overview . . . . . . . . . . . . . . . . . . . . . . . . . .485Admin Domain features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .487Requirements for Admin Domains . . . . . . . . . . . . . . . . . . . . . .487Admin Domain access levels. . . . . . . . . . . . . . . . . . . . . . . . . . .487User-defined Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . .488System-defined Admin Domains. . . . . . . . . . . . . . . . . . . . . . . .488Home Admin Domains and login . . . . . . . . . . . . . . . . . . . . . . .490Admin Domain member types. . . . . . . . . . . . . . . . . . . . . . . . . .491Admin Domains and switch WWNs. . . . . . . . . . . . . . . . . . . . . .492Admin Domain compatibility, availability, and merging . . . . . .494


Admin Domain management for physical fabric administrators . .494Setting the default zoning mode for Admin Domains . . . . . . .495Creating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .495User assignments to Admin Domains . . . . . . . . . . . . . . . . . . .496Removing an Admin Domain from a user account . . . . . . . . .498Activating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . .498Deactivating an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . .499Adding members to an existing Admin Domain. . . . . . . . . . . .499Removing members from an Admin Domain . . . . . . . . . . . . . .500Renaming an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . .500Deleting an Admin Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . .501Deleting all user-defined Admin Domains . . . . . . . . . . . . . . . .502Deleting all user-defined Admin Domains non-disruptively . .502Validating an Admin Domain member list . . . . . . . . . . . . . . . .506

SAN management with Admin Domains . . . . . . . . . . . . . . . . . . . . .506CLI commands in an AD context . . . . . . . . . . . . . . . . . . . . . . . .507Executing a command in a different AD context . . . . . . . . . . .507Displaying an Admin Domain configuration . . . . . . . . . . . . . . .508Switching to a different Admin Domain context. . . . . . . . . . . .508Admin Domain interactions with other Fabric OS features . . .509Admin Domains, zones, and zone databases . . . . . . . . . . . . .510Admin Domains and LSAN zones . . . . . . . . . . . . . . . . . . . . . . .511Configuration upload and download in an AD context . . . . . .512

Section II Licensed Features

Chapter 21 Administering Licensing

Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515

Brocade 7800 Upgrade license . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

ICL licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523ICL 1st POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523ICL 2nd POD license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524ICL 8-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524ICL 16-link license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524Enterprise ICL license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524

8G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525

Slot-based licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .526Upgrade and downgrade considerations . . . . . . . . . . . . . . . . .526Assigning a license to a slot . . . . . . . . . . . . . . . . . . . . . . . . . . .526Removing a license from a slot . . . . . . . . . . . . . . . . . . . . . . . . .527

10G licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527Enabling 10 Gbps operation on an FC port . . . . . . . . . . . . . . .528Enabling the 10-GbE ports on an FX8-24 blade . . . . . . . . . . .529


Temporary licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530Restrictions on upgrading temporary slot-based licenses . . .531Date change restriction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531Configupload and download considerations . . . . . . . . . . . . . .531Expired licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531Universal temporary licenses . . . . . . . . . . . . . . . . . . . . . . . . . .532Extending a universal temporary license . . . . . . . . . . . . . . . . .532Universal temporary license shelf life. . . . . . . . . . . . . . . . . . . .532

Viewing installed licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .532

Activating a license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533

Adding a licensed feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533

Removing a licensed feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .534

Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .535Displaying installed licenses . . . . . . . . . . . . . . . . . . . . . . . . . . .536Activating Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . .537Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . .537Displaying the port license assignments . . . . . . . . . . . . . . . . .538Enabling Dynamic Ports on Demand . . . . . . . . . . . . . . . . . . . .538Disabling Dynamic Ports on Demand. . . . . . . . . . . . . . . . . . . .539Reserving a port license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .540Releasing a port from a POD set. . . . . . . . . . . . . . . . . . . . . . . .540

Chapter 22 Inter-chassis Links

Inter-chassis links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543License requirements for ICLs . . . . . . . . . . . . . . . . . . . . . . . . .544

ICLs for the Brocade DCX 8510 Backbone family. . . . . . . . . . . . . .544ICL trunking on the Brocade DCX 8510-8 and DCX 8510-4 . .545

ICLs for the Brocade DCX Backbone family. . . . . . . . . . . . . . . . . . .546ICL trunking on the Brocade DCX and DCX-4S. . . . . . . . . . . . .547

Virtual Fabrics considerations for ICLs . . . . . . . . . . . . . . . . . . . . . .547

Supported topologies for ICL connections . . . . . . . . . . . . . . . . . . .547Mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .547Core-edge topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .549

Chapter 23 Monitoring Fabric Performance

Advanced Performance Monitoring overview . . . . . . . . . . . . . . . . .551Types of monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .551Restrictions for installing monitors . . . . . . . . . . . . . . . . . . . . . .552Virtual Fabrics considerations for Advanced Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .552Access Gateway considerations for Advanced Performance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .553


End-to-end performance monitoring . . . . . . . . . . . . . . . . . . . . . . . .553Maximum number of EE monitors . . . . . . . . . . . . . . . . . . . . . .553Supported port configurations for EE monitors . . . . . . . . . . . .554Adding EE monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554Setting a mask for an EE monitor . . . . . . . . . . . . . . . . . . . . . . .555Deleting EE monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .556Displaying EE monitor counters . . . . . . . . . . . . . . . . . . . . . . . .557Clearing EE monitor counters . . . . . . . . . . . . . . . . . . . . . . . . . .557

Frame monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558License requirements for frame monitoring . . . . . . . . . . . . . .558Creating frame types to be monitored . . . . . . . . . . . . . . . . . . .559Creating a frame monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . .559Deleting frame types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .560Adding frame monitors to a port. . . . . . . . . . . . . . . . . . . . . . . .560Removing frame monitors from a port . . . . . . . . . . . . . . . . . . .560Saving a frame monitor configuration . . . . . . . . . . . . . . . . . . .560Displaying frame monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . .561Clearing frame monitor counters . . . . . . . . . . . . . . . . . . . . . . .562

Top Talker monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .562Top Talker monitors and FC-FC routing. . . . . . . . . . . . . . . . . . .563Limitations of Top Talker monitors . . . . . . . . . . . . . . . . . . . . . .565Adding a Top Talker monitor to a port (port mode) . . . . . . . . .565Adding Top Talker monitors on all switches in the fabric (fabric mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .565Displaying the top n bandwidth-using flows on a port (port mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566Displaying top talking flows for a given domain ID (fabric mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566Deleting a Top Talker monitor on a port (port mode) . . . . . . .567Deleting all fabric mode Top Talker monitors. . . . . . . . . . . . . .567

Trunk monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .567Trunk monitoring considerations . . . . . . . . . . . . . . . . . . . . . . .567

Saving and restoring monitor configurations . . . . . . . . . . . . . . . . .567

Performance data collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .568

Chapter 24 Managing Trunking Connections

Trunking overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569Types of trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570Masterless trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570License requirements for trunking . . . . . . . . . . . . . . . . . . . . . . 571Port groups for trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Supported platforms for trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Supported configurations for trunking . . . . . . . . . . . . . . . . . . . . . . 571High Availability support for trunking . . . . . . . . . . . . . . . . . . . .572

Requirements for trunk groups . . . . . . . . . . . . . . . . . . . . . . . . . . . .572

Recommendations for trunk groups . . . . . . . . . . . . . . . . . . . . . . . .572

Configuring trunk groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .573


Enabling trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Disabling trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Displaying trunking information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574

Trunk Area and Admin Domains. . . . . . . . . . . . . . . . . . . . . . . . . . . . 576Example of Trunk Area assignment on port domain,index . . . 576

ISL trunking over long-distance fabrics . . . . . . . . . . . . . . . . . . . . . . 576

EX_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .577Masterless EX_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . .577Supported configurations and platforms for EX_Port trunking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .578Configuring EX_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . .578Displaying EX_Port trunking information . . . . . . . . . . . . . . . . .578

F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .579F_Port trunking for Access Gateway . . . . . . . . . . . . . . . . . . . . .579F_Port trunking for Brocade adapters . . . . . . . . . . . . . . . . . . .581F_Port trunking considerations. . . . . . . . . . . . . . . . . . . . . . . . .582F_Port trunking in Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . .584

Displaying F_Port trunking information . . . . . . . . . . . . . . . . . . . . . .585

Disabling F_Port trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .585

Enabling the DCC policy on a trunk area. . . . . . . . . . . . . . . . . . . . .586

Chapter 25 Managing Long-Distance Fabrics

Long-distance fabrics overview . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Extended Fabrics device limitations . . . . . . . . . . . . . . . . . . . . . . . .588

Long-distance link modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .588

Configuring an extended ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .589Enabling long distance when connecting to TDM devices . . .590

Forward error correction on long-distance links . . . . . . . . . . . . . . .591Enabling FEC on a long-distance link . . . . . . . . . . . . . . . . . . . .591Disabling FEC on a long-distance link . . . . . . . . . . . . . . . . . . .591

Chapter 26 Using FC-FC Routing to Connect Fabrics

FC-FC routing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .593License requirements for FC-FC routing . . . . . . . . . . . . . . . . . .594Supported platforms for FC-FC routing. . . . . . . . . . . . . . . . . . .594Supported configurations for FC-FC routing. . . . . . . . . . . . . . .595Network OS connectivity limitations . . . . . . . . . . . . . . . . . . . . .595

Fibre Channel routing concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . .596Proxy devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .599FC-FC routing topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .600Phantom domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .601FC router authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .603

Setting up FC-FC routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .603Verifying the setup for FC-FC routing . . . . . . . . . . . . . . . . . . . .604


Backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .605Assigning backbone fabric IDs . . . . . . . . . . . . . . . . . . . . . . . . .606

FCIP tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .606

Inter-fabric link configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .607Configuring an IFL for both edge and backbone connections 607Configuring EX_Ports on an ICL . . . . . . . . . . . . . . . . . . . . . . . .611

FC router port cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .613Port cost considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .614Setting router port cost for an EX_Port. . . . . . . . . . . . . . . . . . .614

Shortest IFL cost configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .615Configuring shortest IFL cost . . . . . . . . . . . . . . . . . . . . . . . . . . 617

EX_Port frame trunking configuration . . . . . . . . . . . . . . . . . . . . . . .619

LSAN zone configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .620Use of Admin Domains with LSAN zones and FC-FC routing .620Zone definition and naming . . . . . . . . . . . . . . . . . . . . . . . . . . .620LSAN zones and fabric-to-fabric communications. . . . . . . . . .621Controlling device communication with the LSAN . . . . . . . . . .621Configuring backbone fabrics for interconnectivity . . . . . . . . .623Setting the maximum LSAN count . . . . . . . . . . . . . . . . . . . . . .624HA and downgrade considerations for LSAN zones . . . . . . . .624LSAN zone policies using LSAN tagging . . . . . . . . . . . . . . . . . .624LSAN zone binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .628

Proxy PID configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .633

Fabric parameter considerations . . . . . . . . . . . . . . . . . . . . . . . . . . .633

Inter-fabric broadcast frames. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .634Displaying the current broadcast configuration. . . . . . . . . . . .634Enabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .634Disabling broadcast frame forwarding . . . . . . . . . . . . . . . . . . .634

Resource monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .634

FC-FC routing and Virtual Fabrics. . . . . . . . . . . . . . . . . . . . . . . . . . .636Logical switch configuration for FC routing . . . . . . . . . . . . . . .637Backbone-to-edge routing with Virtual Fabrics . . . . . . . . . . . .638

Upgrade and downgrade considerations for FC-FC routing . . . . . .639How replacing port blades affects EX_Port configuration. . . .639

Displaying the range of output ports connected to xlate domains639

Appendix A Port Indexing

Appendix B FIPS Support

FIPS overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645

Zeroization functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .645Power-on self-tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647Conditional tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647


FIPS mode configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647LDAP in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .648LDAP certificates for FIPS mode . . . . . . . . . . . . . . . . . . . . . . . .650

Preparing a switch for FIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .651Overview of steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .652Enabling FIPS mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .652Zeroizing for FIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .655Displaying FIPS configuration . . . . . . . . . . . . . . . . . . . . . . . . . .655

Appendix C Hexadecimal Conversion

Example conversion of the hexadecimal triplet Ox616000 . .657Decimal-to-hexadecimal conversion table . . . . . . . . . . . . . . . .658

Index


Figures

Figure 1 Well-known addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Figure 2 Identifying the blades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Figure 3 Blade swap with Virtual Fabrics during the swap. . . . . . . . . . . . . . . . . . . . . . . . 101Figure 4 Blade swap with Virtual Fabrics after the swap . . . . . . . . . . . . . . . . . . . . . . . . . 102Figure 5 Principal ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Figure 6 New switch added to existing fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Figure 7 Virtual channels on a QoS-enabled ISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Figure 8 Gateway link merging SANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Figure 9 Single host and target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Figure 10 Windows 2000 VSA configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173Figure 11 Example of a brocade.dct file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Figure 12 Example of the dictiona.dcm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Figure 13 SNMP structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Figure 14 SNMP query. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Figure 15 SNMP trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Figure 16 Brocade MIB tree location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Figure 17 DH-CHAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244Figure 18 Protected endpoints configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267Figure 19 Gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Figure 20 Endpoint-to-gateway tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Figure 21 Switch before and after enabling Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . 310Figure 22 Switch before and after creating logical switches . . . . . . . . . . . . . . . . . . . . . . . 311Figure 23 Fabric IDs assigned to logical switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312Figure 24 Assigning ports to logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312Figure 25 Logical switches connected to devices and non-Virtual Fabrics switch . . . . . . 314Figure 26 Logical switches in a single chassis belong to separate fabrics . . . . . . . . . . . . 314Figure 27 Logical switches connected to other logical switches through physical ISLs. . 316Figure 28 Logical switches connected to form logical fabrics . . . . . . . . . . . . . . . . . . . . . . 316Figure 29 Base switches connected by an XISL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317Figure 30 Logical ISLs connecting logical switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318Figure 31 Logical fabric using ISLs and XISLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318Figure 32 Example of logical fabrics in multiple chassis and XISLs . . . . . . . . . . . . . . . . . 335Figure 33 Zoning example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339Figure 34 Broadcast zones and Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345Figure 35 Traffic Isolation zone creating a dedicated path through the fabric . . . . . . . . . 380Figure 36 Fabric incorrectly configured for TI zone with failover disabled . . . . . . . . . . . . 382


Figure 37 Dedicated path is the only shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383Figure 38 Dedicated path is not the shortest path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384Figure 39 Enhanced TI zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384Figure 40 Illegal ETIZ configuration: two paths from one port to two devices on the

same remote domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385Figure 41 Illegal ETIZ configuration: two paths from one port . . . . . . . . . . . . . . . . . . . . . . 386Figure 42 Traffic Isolation Zoning over FCR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387Figure 43 TI zone in an edge fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388Figure 44 TI zone in a backbone fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389Figure 45 Fabric-level traffic isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391Figure 46 TI zone misconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395Figure 47 Dedicated path with Virtual Fabrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399Figure 48 Creating a TI zone in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400Figure 49 Creating a TI zone in a base fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400Figure 50 Example configuration for TI zones over FC routers in logical fabrics . . . . . . . 401Figure 51 Logical representation of TI zones over FC routers in logical fabrics . . . . . . . . 401Figure 52 TI over FCR example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409Figure 53 QoS traffic prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420Figure 54 QoS with E_Ports enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421Figure 55 Traffic prioritization in a logical fabric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423Figure 56 Affected seconds for bottleneck detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433Figure 57 Encryption and compression on 16 Gbps ISLs. . . . . . . . . . . . . . . . . . . . . . . . . . 446Figure 58 Example of a basic D_Port connection between switches . . . . . . . . . . . . . . . . 460Figure 59 ISLs connecting multiple switches and chassis . . . . . . . . . . . . . . . . . . . . . . . . . 463Figure 60 ICLs connecting chassis blades. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463Figure 61 Single Access Gateway to switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Figure 62 Multiple Access Gateways cascaded to switch . . . . . . . . . . . . . . . . . . . . . . . . . 464Figure 63 Access Gateway to HBA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Figure 64 HBA to switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465Figure 65 Fabric-assigned port World Wide Name provisioning scenarios . . . . . . . . . . . . 480Figure 66 Fabric with two Admin Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486Figure 67 Filtered fabric views when using Admin Domains . . . . . . . . . . . . . . . . . . . . . . . 486Figure 68 Fabric with AD0 and AD255. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490Figure 69 Fabric showing switch and device WWNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493Figure 70 Filtered fabric views showing converted switch WWNs . . . . . . . . . . . . . . . . . . . 493Figure 71 AD0 and two user-defined Admin Domains, AD1 and AD2 . . . . . . . . . . . . . . . . 504Figure 72 AD0 with three zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Figure 73 Minimum configuration for 64 Gbps ICLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545Figure 74 DCX-4S allowed ICL connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546Figure 75 ICL triangular topology with Brocade DCX 8510-8 chassis . . . . . . . . . . . . . . . . 548Figure 76 Full nine-mesh topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549Figure 77 64 Gbps ICL core-edge topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550


Figure 78 Setting end-to-end monitors on a port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554Figure 79 Mask positions for end-to-end monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556Figure 80 Fabric mode Top Talker monitors on FC router do not monitor any flows . . . . 564Figure 81 Fabric mode Top Talker monitors on FC router monitor flows over the E_Port 564Figure 82 Port group configuration for the Brocade 5100 . . . . . . . . . . . . . . . . . . . . . . . . . 571Figure 83 Switch in Access Gateway mode without F_Port masterless trunking . . . . . . . 580Figure 84 Switch in Access Gateway mode with F_Port masterless trunking . . . . . . . . . . 580Figure 85 A metaSAN with inter-fabric links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596Figure 86 A metaSAN with edge-to-edge and

Documents

Fabric OS Administrator's Guide v7.2 · 2013-12-20 · Fabric OS Administrator’s Guide 7 53-1002920-02 Chapter 3 Performing Advanced Configuration Tasks Port identifiers (PIDs)